dorfonbikes Posted March 26, 2015 Share Posted March 26, 2015 At work I always have to turn my phone's WIFI off and switch over to cellular to use my C4 app so I figured I'd make some firewall rules to allow it out to 4Sight. In my logs, I'm seeing that it's always trying to access the local address of my main controller at home on port 5021 (which it won't ever get to without me turning on my VPN), and public addresses of 204.246.138.170 on port 3478 and 52.0.141.120 on 44537, 44904, 45577, and 45900 so far. The 52.0.141.120 is always using a different port. Is there a known list of ports it uses or is there an upper and lower bound to a port range? Are those two the only two public addresses I need to allow? Any help would be appreciated. Link to comment Share on other sites More sharing options...
Matt Posted March 26, 2015 Share Posted March 26, 2015 @dorfonbikes Your corporate office is using egress filtering Unfortunately you cannot count on the IP addresses always being the same; especially on relay servers. These servers are using latency DNS's and Control4 could spin up/down instances as needed. Knowing the ports isn't going to help your case here or may work one day but not the next. Matt Link to comment Share on other sites More sharing options...
badjesus Posted April 23, 2015 Share Posted April 23, 2015 What sort of a response is that? I am having this same issue. I have had a ticket open with C4 for quite a while with no response other than it has been escalated a few times.You can't expect everyone to just use a home router. Users should be penalized for protecting their networks properly. C4 actually told me "We have an approved router list".... right. So my $3000 ISP grade appliance is not "Approved" for C4 because it does things properly?You basically just said "Your company has a proper network, sorry, Control4 can't help you"Of course his company is using egress filtering of some kind. What company wouldn't? There isn't a single ISP in the world that isn't using it in some degree even on home connections. The whole point is to educate installers and users on how to properly allow Control4 access (SECURELY) just like EVERY OTHER SOFTWARE COMPANY IN THE WORLD. Hiding this information as C4 is, is only making it worse. The Port list that is in the support tab is ridiculous and appears to also be incorrect according to the tech I was dealing with. You are forcing people to experiment with security. It shouldn't take a week for C4 to let us know what ports 4sight is ACTUALLY using. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.